CVE-2023-3106 - OpenCVE

A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Fedora
Linux	Linux Kernel
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:4.8:rc1::::::
	cpe:2.3:o:linux:linux_kernel:4.8:rc2::::::
	cpe:2.3:o:linux:linux_kernel:4.8:rc3::::::
	cpe:2.3:o:linux:linux_kernel:4.8:rc4::::::
	cpe:2.3:o:linux:linux_kernel:4.8:rc5::::::
	cpe:2.3:o:linux:linux_kernel:4.8:rc6::::::

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2023-3106
https://bugzilla.redhat.com/show_bug.cgi?id=2221501
https://github.com/torvalds/linux/commit/1ba5bf993c6a3142e18e68ea6452b347f9cb5635
https://nvd.nist.gov/vuln/detail/CVE-2023-3106
https://www.cve.org/CVERecord?id=CVE-2023-3106

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-07-12T08:27:58.635Z

Updated: 2024-08-20T14:30:14.716Z

Reserved: 2023-06-05T13:55:28.745Z

Link: CVE-2023-3106

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-07-12T09:15:14.550

Modified: 2024-02-15T16:03:47.757

Link: CVE-2023-3106

Redhat

Severity : Moderate

Publid Date: 2016-07-18T00:00:00Z

Links: CVE-2023-3106 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3106", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-06-05T13:55:28.745Z", "datePublished": "2023-07-12T08:27:58.635Z", "dateUpdated": "2024-08-20T14:30:14.716Z"}, "containers": {"cna": {"title": "Kernel: netlink socket crash (null pointer deref) in netlink_dump function", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel-rt", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel-rt", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "kernel-rt", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-3106", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221501", "name": "RHBZ#2221501", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/torvalds/linux/commit/1ba5bf993c6a3142e18e68ea6452b347f9cb5635"}], "datePublic": "2016-07-18T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-476: NULL Pointer Dereference", "timeline": [{"lang": "en", "time": "2023-06-02T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2016-07-18T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-08-20T14:30:14.716Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:48:07.201Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-3106", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221501", "name": "RHBZ#2221501", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://github.com/torvalds/linux/commit/1ba5bf993c6a3142e18e68ea6452b347f9cb5635", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C441EE1-EC9F-4D9D-95A4-3FD494363278", "versionEndExcluding": "3.16.39", "versionStartIncluding": "3.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C132AFE-2E0B-47FD-BBAB-B5D5E3AC6DD1", "versionEndExcluding": "4.4.223", "versionStartIncluding": "3.17", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6C1817C-C779-47B1-B9F7-A77838991F27", "versionEndExcluding": "4.7.10", "versionStartIncluding": "4.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "4DCA12A5-2DA5-4357-9C9A-D57CA605BAB0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "9A2F7F5F-5684-4D0A-8AB9-22F739A4CA38", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "35868503-6ECC-47B7-A31E-1030CDBD9AC3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "5A6BD9A6-A3A8-4277-80ED-A169FD374D5A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.8:rc5:*:*:*:*:*:*", "matchCriteriaId": "22786B53-9B60-4708-9176-276DF0767E9B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:4.8:rc6:*:*:*:*:*:*", "matchCriteriaId": "1AAE030D-F039-4E93-BFA5-74456E2FC4A5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely."}], "id": "CVE-2023-3106", "lastModified": "2024-02-15T16:03:47.757", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.7, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2023-07-12T09:15:14.550", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-3106"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221501"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://github.com/torvalds/linux/commit/1ba5bf993c6a3142e18e68ea6452b347f9cb5635"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-476"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: Netlink socket crash (null pointer deref) in netlink_dump function", "id": "2221501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221501"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.6", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely.", "A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely."], "name": "CVE-2023-3106", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2016-07-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-3106\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3106\nhttps://github.com/torvalds/linux/commit/1ba5bf993c6a3142e18e68ea6452b347f9cb5635"], "threat_severity": "Moderate", "upstream_fix": "kernel 4.8-rc7"}